Example #1
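def handle_password_reset(username, new_password, new_password2):
    """
    Handles the submitted password reset request.

    Validates the two password entries, stores the new password, clears the
    stored reset key and emails a confirmation to the account's address.

    NOTE(review): nothing in this function checks a reset key. The caller is
    presumably expected to have resolved `username` from a valid, unexpired
    key before calling -- confirm at the call site.

    Args:
        username: Value matched against `users.email` to identify the account.
        new_password: The new password as entered.
        new_password2: The repeated entry, passed to the validator with it.

    Returns:
        True if the password was changed, False if validation failed.
        validate_password is presumably what reports the reason to the user.
    """
    if not validation_utils.validate_password(new_password, new_password2):
        return False

    auth_utils.set_password(username, new_password)
    # Clean up the password reset key, so that it cannot be used again.
    # NOTE(review): this is a separate statement from set_password and no
    # transaction is visible here; if it fails, the key stays in the table.
    query = """
    UPDATE users
    SET password_reset_key = NULL, password_reset_expiration = NULL
    WHERE email = %s
    """
    with flask.g.pymysql_db.cursor() as cursor:
        cursor.execute(query, [username])
    # Get the user's email.
    query = """
    SELECT first_name, email
    FROM members
      NATURAL JOIN users
    WHERE email = %s
    """
    with flask.g.pymysql_db.cursor() as cursor:
        cursor.execute(query, [username])
        result = cursor.fetchone()
    if result is None:
        # No members row joined to this account. The password has already
        # been changed, so report success instead of failing on
        # result['email'], and leave a trace that no notice was sent.
        flask.current_app.logger.warning(
            "Password reset succeeded but no confirmation email was sent: "
            "no members row matched the account.")
        return True
    # Send confirmation email to user. This tells the account owner that the
    # password changed.
    email = result['email']
    name = result['first_name']
    msg = email_templates.ResetPasswordSuccessfulEmail.format(name)
    subject = "Password reset successful"
    email_utils.send_email(email, msg, subject, gmail=True)
    return True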
Example #2
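def handle_forgotten_password(email):
    """
    Handles a forgotten password request.

    Looks up the account by email. If one is found, a reset key is generated,
    stored with an expiration time, and emailed to the user as a reset link.

    Returns None in every case, so the result does not say whether the
    address matched an account. Callers should show the same response either
    way, so the form cannot be used to probe for registered addresses.

    Args:
        email: The address submitted in the forgotten-password form.
    """
    # Look the account up by email.
    query = """SELECT user_id, first_name, email
    FROM members NATURAL JOIN users WHERE email = %s"""

    with flask.g.pymysql_db.cursor() as cursor:
        cursor.execute(query, [email])
        result = cursor.fetchone()
    if result is not None and email.lower() == result['email'].lower():
        name = result['first_name']
        # Generate a reset key for the user.
        # NOTE(review): the key is stored as generated. Storing only a hash
        # of it would keep a read of the users table from yielding usable
        # reset links; that also needs a change where the key is looked up,
        # so it is not done here.
        reset_key = auth_utils.generate_reset_key()
        query = """
            UPDATE users
            SET password_reset_key = %s,
            password_reset_expiration = NOW() + INTERVAL %s MINUTE
            WHERE email = %s
            """
        with flask.g.pymysql_db.cursor() as cursor:
            values = [reset_key, constants.PWD_RESET_KEY_EXPIRATION, email]
            cursor.execute(query, values)
        # Say "your link expires in _ minutes" or "_ hours", with a singular
        # unit for 1. Hours are rounded down, so the stated lifetime never
        # exceeds the real one.
        lifetime_minutes = constants.PWD_RESET_KEY_EXPIRATION
        if lifetime_minutes < 60:
            amount, unit = lifetime_minutes, "minute"
        else:
            amount, unit = lifetime_minutes // 60, "hour"
        expiration_time_str = "{} {}{}".format(
            amount, unit, "" if amount == 1 else "s")
        # Send email to user.
        # NOTE(review): with _external=True the link's host comes from the
        # request unless SERVER_NAME is configured -- confirm the deployment
        # pins the host, so the emailed link always points at this site.
        msg = email_templates.ResetPasswordEmail.format(
            name,
            flask.url_for('auth.reset_password',
                          reset_key=reset_key,
                          _external=True), expiration_time_str)
        subject = "Password reset request"
        email_utils.send_email(email, msg, subject, gmail=True)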
Example #3
def update_status(user_id, new_status, reimbursement_amount, decider_id=None):
    """
    Store a new application status for a user and send the matching email.

    The literal string "None" for reimbursement_amount is treated as no
    amount. decider_user_id is only written when decider_id is given. An
    email is sent for "Accepted" (with or without a reimbursement amount)
    and for "Rejected"; any other status only updates the row.

    NOTE(review): no authorization check and no commit are visible in this
    function -- presumably the caller restricts who may decide and the
    connection autocommits; confirm both.
    """
    amount = None if reimbursement_amount == "None" else reimbursement_amount

    # Pick the statement and its parameters first, then run it once.
    if decider_id is None:
        query = """
        UPDATE status SET status = %s, reimbursement_amt = %s WHERE user_id = %s
        """
        params = [new_status, amount, user_id]
    else:
        query = """
        UPDATE status SET status = %s, reimbursement_amt = %s, decider_user_id = %s WHERE user_id = %s
        """
        params = [new_status, amount, decider_id, user_id]
    with flask.g.pymysql_db.cursor() as cursor:
        cursor.execute(query, params)

    recipient_name = get_name(user_id)
    recipient = get_email(user_id)

    # Choose the notification; statuses without one return here.
    accepted = new_status == "Accepted"
    if accepted and amount is not None:
        subject = "Reimbursement Information"
        body = email_templates.ReimbursementEmail.format(
            recipient_name, amount)
    elif accepted:
        subject = "Congratulations! You've Been Accepted!"
        body = email_templates.AcceptedEmail.format(recipient_name)
    elif new_status == "Rejected":
        subject = "Hacktech Application Update"
        body = email_templates.RejectedEmail.format(recipient_name)
    else:
        return
    email_utils.send_email(recipient, body, subject, gmail=True)
Example #4
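def handle_create_account(email, password, password2, first_name, middle_name,
                          preferred_name, last_name, dob):
    """
    Creates a new account with its member, application and status rows.

    Rejects the request if the email is already in `users` or the passwords
    fail validation. Otherwise the rows are inserted in one transaction, and
    a welcome email is sent once it has committed.

    Returns:
        (True, "") once the account is committed. (False, message) otherwise,
        where message is text for the user; it is empty when password
        validation fails.
    """
    # NOTE(review): this check and the insert below are separate statements.
    # A unique constraint on users.email (not visible here) is what would
    # actually stop two concurrent sign-ups with the same address.
    query = """
    SELECT email
    FROM users
    WHERE email = %s
    """
    with flask.g.pymysql_db.cursor() as cursor:
        cursor.execute(query, [email])
        result = cursor.fetchone()
    if result is not None:
        # This reply confirms to the requester that the address is registered.
        return (False, "You already have an account. Try recovering it?")

    if not validation_utils.validate_password(password, password2):
        return (False, "")
    flask.g.pymysql_db.begin()
    try:
        confirm_account_key = auth_utils.generate_confirm_account_key()
        # Insert the new row into users. The hash starts empty and is filled
        # in by set_password below.
        # NOTE(review): confirm set_password runs on this same connection, so
        # the empty hash is never committed on its own.
        query = """
        INSERT INTO users (email, password_hash, confirm_account_key)
        VALUES (%s, %s, %s)
        """
        with flask.g.pymysql_db.cursor() as cursor:
            cursor.execute(query, [email, "", confirm_account_key])
        # Set the password.
        auth_utils.set_password(email, password)

        query = """
        SELECT user_id FROM users WHERE email = %s
        """
        with flask.g.pymysql_db.cursor() as cursor:
            cursor.execute(query, [email])
            result = cursor.fetchone()
        user_id = result["user_id"]

        # Set rest of the info...
        query = """
        INSERT INTO members (user_id, first_name, preferred_name, middle_name, 
        last_name, date_of_birth)
        VALUES(%s, %s, %s, %s, %s, %s)
        """
        with flask.g.pymysql_db.cursor() as cursor:
            cursor.execute(query, [
                user_id, first_name, preferred_name, middle_name, last_name,
                dob
            ])
        query = """
        INSERT INTO applications (user_id, application_year) 
        VALUES(%s, %s)
        """
        ## TODO: Make sure to select it only from the current application year
        # app_year.year is concatenated with "0000", so it must be a string.
        with flask.g.pymysql_db.cursor() as cursor:
            cursor.execute(query, [user_id, app_year.year + "0000"])
        query = """ 
        SELECT application_id FROM applications 
        WHERE user_id = %s
        """
        with flask.g.pymysql_db.cursor() as cursor:
            cursor.execute(query, [user_id])
            application_id = cursor.fetchone()
            application_id = application_id['application_id']

        query = """
        INSERT INTO status (user_id, application_id, status) 
        VALUES(%s, %s, %s)
        """
        with flask.g.pymysql_db.cursor() as cursor:
            cursor.execute(query, [user_id, application_id, 'Not Started'])

        flask.g.pymysql_db.commit()
    except Exception:
        # Log with the traceback rather than printing only the message. The
        # user still gets the generic text below, with no internal details.
        flask.current_app.logger.exception(
            "Account creation failed; rolling back.")
        flask.g.pymysql_db.rollback()
        return (
            False,
            "An unexpected error occurred. Make sure that you entered a valid email! If the error persists, please contact the hacktech organizers"
        )

    # The account is committed from here on. A failure while sending the
    # welcome email cannot be rolled back, so it is logged instead of being
    # reported as a failed sign-up. Reporting failure would leave the user
    # with an account that a retry rejects as already existing.
    try:
        subject = "Thanks for creating an account!"
        msg = email_templates.CreateAccountSuccessfulEmail.format(first_name)
        email_utils.send_email(email, msg, subject)
    except Exception:
        flask.current_app.logger.exception(
            "Account created but the welcome email could not be sent.")
    return (True, "")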